[Bug 10322] New: open() should not throw for non same-origin URL from bugzilla@jessica.w3.org on 2010-08-09 (public-webapps@w3.org from July to September 2010)

From: <bugzilla@jessica.w3.org>
Date: Mon, 09 Aug 2010 12:13:49 +0000
To: public-webapps@w3.org
Message-ID: <bug-10322-2927@http.www.w3.org/Bugs/Public/>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=10322

           Summary: open() should not throw for non same-origin URL
           Product: WebAppsWG
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: XHR 1.0
        AssignedTo: annevk@opera.com
        ReportedBy: annevk@opera.com
         QAContact: member-webapi-cvs@w3.org
                CC: mike@w3.org, public-webapps@w3.org


At the moment XMLHttpRequest Level 1 prescribes that open() invoked with a non
same-origin URL should throw. This is incompatible with XMLHttpRequest Level 2.

Instead we should align with XMLHttpRequest Level 2 (and some implementations)
and treat non same-origin URLs as a network error during the request phase
(i.e. after send() is invoked). This gives a better migration path towards CORS
and allows us to test this requirement in browsers that implement (parts of)
XMLHttpRequest Level 2.

Along with this we should then also start throwing when the user/password
arguments of open() are non-null for a non same-origin URL as XMLHttpRequest
Level 2 does that as well.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Received on Monday, 9 August 2010 12:13:52 UTC